Confusion regarding custom fields in devise user in ruby on rails? - ruby-on-rails

I was studying how to add custom fields to our Devise user model in Ruby on Rails and I came across this link. I just have one doubt regarding the following piece of code:
    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :title_id, :province_id, :first_name, :last_name) }
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password) }
    end
This was written in the application controller. In the case of :sign_in we only check for email; why not password? And in :account_update, why don't we check for first_name and last_name? After all, a user can update his first_name and last_name as well.
Can somebody please help me? How do these 3 lines work?

Sign-in: The sanitizer knows about Devise default parameters like password or password_confirmation. Therefore you don't need to add password in the list.
Sign-up/account-update: You can add first_name and last_name or change the permitted parameters list on your controllers.
Please see this documentation.
Note: Only given parameters will be allowed to process request further.

Related

is it necessary or good practice to sanitize the parameters for all three devise actions?

The Devise docs state that there are three actions that allow parameters to be passed on down to the model: :sign_up, :sign_in, and :account_update. The following example (based off their doc) suggests that I use a before filter.
    protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :username, :website, :invitation_code])
    end
They don't explicitly state that it's a good idea to also sanitize parameters for the other two actions, or if it's a good idea to sanitize other (non-Devise) model params. This is where I'm confused. Should I add to the above code so that it's like this?
    protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :username, :website, :invitation_code])
      devise_parameter_sanitizer.permit(:sign_in, keys: [:email, :username, :password])
      devise_parameter_sanitizer.permit(:account_update, keys: [:email, :firstname, :lastname, :password, :password_confirmation, :website])
    end
Also, how do I know that the parameters are being converted to a hash?
You don't need to sanitize parameters that are never used. Presumably in your login (:sign_in in devise) you're only using username and password so there is no need to sanitize any extra parameters there.
If the user can update his/her first_name, website and so on in your edit form you're gonna need that however for the :account_update parameters.
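A simplified plain-Ruby model of the allow-list behaviour discussed in the two threads above (an added example, not Devise's own code and not written by any poster): each action starts from Devise's default keys, `permit(action, keys: [...])` extends that list, and every other submitted key is dropped before it reaches the model. `SanitizerModel`, the `firstname` and `role` fields and the sample submission are assumptions constructed for illustration.

```ruby
# Simplified model of Devise's per-action allow-list (added example, not Devise source).
class SanitizerModel
  # Keys Devise permits by default, in addition to the authentication keys.
  DEFAULTS = {
    sign_in:        [:password, :remember_me],
    sign_up:        [:password, :password_confirmation],
    account_update: [:password, :password_confirmation, :current_password]
  }.freeze

  def initialize(authentication_keys: [:email])
    @permitted = DEFAULTS.transform_values { |keys| authentication_keys + keys }
  end

  # Models `devise_parameter_sanitizer.permit(action, keys: [...])`: extends the list.
  def permit(action, keys:)
    @permitted[action] = (@permitted.fetch(action) + keys).uniq
    self
  end

  # Returns [kept params, names of dropped keys] for one action.
  def sanitize(action, params)
    allowed = @permitted.fetch(action)
    kept = params.select { |key, _| allowed.include?(key.to_sym) }
    [kept, params.keys - kept.keys]
  end
end

# Constructed submission; "firstname" and "role" are hypothetical extra fields.
SUBMITTED = {
  "email" => "ada@example.com", "password" => "new-pass",
  "current_password" => "old-pass", "firstname" => "Ada", "role" => "admin"
}.freeze

def demo
  defaults   = SanitizerModel.new
  customized = SanitizerModel.new.permit(:account_update, keys: [:firstname])
  {
    sign_in:        defaults.sanitize(:sign_in, SUBMITTED),
    update_default: defaults.sanitize(:account_update, SUBMITTED),
    update_custom:  customized.sanitize(:account_update, SUBMITTED)
  }
end

demo.each { |name, (kept, dropped)| puts "#{name}: kept=#{kept.keys} dropped=#{dropped}" }
```

The `role` key is dropped in every case because nothing permits it, and `firstname` survives an account update only once it has been added to that action's list.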

Devise authentication with email as usual, but forcing the user to put a name

Well, to contextualize a bit, I want Devise to act just like always, the only difference being that when a user signs up, he has to put a name (and it can't be blank).
What I have achieved is that when the user signs up he can put a name; the problem is that he can leave it blank and his name will be equal to "".
I did this with some help from what appears on this page, i.e. creating a migration to add the name column to the users table and putting the following in the application controller.
    class ApplicationController < ActionController::Base
      before_action :configure_permitted_parameters, if: :devise_controller?
      # Prevent CSRF attacks by raising an exception.
      # For APIs, you may want to use :null_session instead.
      protect_from_forgery with: :exception

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation, :remember_me) }
        devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :email, :password, :password_confirmation, :current_password) }
      end
    end
But what is explained there later is not exactly what I want to do. I want the user to always sign in with his email (as Devise already does by default); as I said, the only thing I wish is that if anyone wants to sign up, he has to type some name, and it must not be blank.
Does anyone know how I can do it?
What you need to do is add a validation for name to the user model. Validate the presence of name on a user.
So, in your user model:
    validates_presence_of :name
With this, when a user submits a registration form with a blank name, this validation will kick in and prevent this user instance from being saved, while adding the "name can't be blank" error to the form.

Devise Authentication - How to extend the sign up form?

I would like to extend my sign up form with elements like:
Username
Firstname
Lastname
Age
Currently available is only:
Email
Pass
ConfirmPass
How can I do that?
You need to do 2 things.
1. Just add those new fields to the generated Devise form:
    app/views/devise/registrations/new.html.erb
2. You'll need to add those new fields to the Devise strong params. You can do that by adding this to your ApplicationController:
    def configure_permitted_params
      devise_parameter_sanitizer.for(:sign_up) { |user| user.permit(:username, :first_name, :last_name, :age, :email, :password, :password_confirmation) }
    end

Devise not asking for extra fields on sign up

I'm new to Devise, was advised against using my own authentication and use this instead since it's the standard for Rails apps and I'm having a hard time with it.
I'm trying to get users to signup to my site but I need to ask for more fields than the Devise defaults. I added this to my applications controller:
    before_action :configure_permitted_parameters, if: :devise_controller?

    protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :username, :email, :password, :password_confirmation, :remember_me) }
      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
    end
Yet still only the email, password and confirmation show up. Am I missing something?
Run rails generate devise:views to add devise views in your application code for customization.
After running this command a folder would be created in your_application/app/views directory named devise. It will contain all the devise views which you can then customize as per your requirement.
For example: To add new fields on sign up page, you would need to customize your_application/app/views/devise/registrations/new.html.erb view.

Unable to login via Devise after `devise_parameter_sanitizer` set in rails4

Previously, I've discussed an issue here that enables login via username in my app with Rails 4. In the 'Strong Parameters' part of the Devise README, "the lazy way™" says additional parameters like "username" could be added with configure_permitted_parameters under ApplicationController. Then I copy-pasted the code below the example into my app respectively, but it worked only for the :sign_up phase. So, I added the other phases like this:
    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:account_update) << :username
      devise_parameter_sanitizer.for(:sign_in) << :username
      devise_parameter_sanitizer.for(:sign_up) << :username
    end
But it didn't work for any phase, so I removed all the lines, even deleted the function, but nothing turns it back. How can I fix it?
Devise version?
Try:
    protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) }
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
    end
